Date: Wed, 20 Jul 2011 11:28:46 +0100
From: "Daniel P. Berrange"
Message-ID: <20110720102845.GF5015@redhat.com>
In-Reply-To: <20110720101502.GC2560@nicolas-desktop>
Subject: Re: [Qemu-devel] [libvirt] Re: live snapshot wiki updated
To: Nicolas Sebrecht
Cc: "libvir-list@redhat.com", Jes Sorensen, QEMU Developers, Stefan Hajnoczi

On Wed, Jul 20, 2011 at 12:15:02PM +0200, Nicolas Sebrecht wrote:
> The 20/07/11, Daniel P. Berrange wrote:
>
> > To make the decision whether the filename from QEMU is valid, we have
> > to parse the master image header data to see if the filename actually
> > matches the backing file required by the image assigned to the guest.
>
> Actually, libvirt should not have to worry if the filename provided by
> QEMU is valid. I think it should trust QEMU. If QEMU doesn't provide
> information others can trust; it should be fixed at QEMU side.

The security goal of libvirt is to protect the host from a compromised
QEMU, therefore QEMU is, by definition, untrusted.

> > We're not fighting over the internals of metadata. We just need to know
> > ahead of launching QEMU, what backing files an image has & what format
> > they are in. We do that by reading at the metadata headers of the disk
> > images. We never attempt to write to the disk images. Either someone
> > provides a library to do that, or we write the probing code for each
> > file format in libvirt. Currently we have the latter.
>
> This is what I would call "fighting with QEMU internals". How do you
> prevent from concurrency access and modifications? Ideally speaking
> libvirt should be able to co-exist with foreign implementations, all
> requesting QEMU.

QEMU is *not* yet running at the time libvirt reads the file metadata.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
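
The header check described in the message above, as an added example that is not part of the original e-mail and is not libvirt's code: a read-only probe that pulls the backing file name out of a qcow2 header and accepts a reported filename only if it matches. The function names, the constructed sample image and the restriction to qcow2 names (backing format detection is left out) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define QCOW2_MAGIC 0x514649fbU  /* "QFI\xfb" */
#define BACKING_MAX 1023         /* qcow2 limit on backing file name length */

/* Read an n-byte big-endian integer. */
static uint64_t be(const unsigned char *p, int n) {
    uint64_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}
/* Returns 1 and fills out[] if a backing file is recorded, 0 if none,
 * -1 if buf is not a well-formed qcow2 header. Never writes to buf. */
int probe_qcow2_backing(const unsigned char *buf, size_t len,
                        char *out, size_t outlen) {
    if (len < 20 || be(buf, 4) != QCOW2_MAGIC) return -1;
    uint64_t off = be(buf + 8, 8);   /* backing_file_offset */
    uint64_t sz = be(buf + 16, 4);   /* backing_file_size */
    if (off == 0) return 0;          /* image has no backing file */
    if (sz == 0 || sz > BACKING_MAX || sz >= outlen) return -1;
    if (off > len || sz > len - off) return -1;  /* overflow-safe bounds */
    if (memchr(buf + off, '\0', sz)) return -1;  /* NUL would hide a suffix */
    memcpy(out, buf + off, sz);
    out[sz] = '\0';
    return 1;
}
/* Accept a filename reported by an untrusted process only if it equals
 * the name recorded in the image header. */
int backing_matches(const unsigned char *buf, size_t len, const char *claimed) {
    char name[BACKING_MAX + 1];
    return probe_qcow2_backing(buf, len, name, sizeof name) == 1 &&
           strcmp(name, claimed) == 0;
}
/* Constructed sample: minimal header, name stored at offset 104.
 * The caller must supply at least 104 + strlen(name) bytes. */
size_t build_sample(unsigned char *buf, size_t len, const char *name) {
    size_t n = strlen(name);
    memset(buf, 0, len);
    memcpy(buf, "QFI\xfb", 4);
    buf[7] = 2;                      /* version 2 */
    buf[15] = 104;                   /* backing_file_offset */
    buf[18] = (unsigned char)(n >> 8);
    buf[19] = (unsigned char)n;      /* backing_file_size */
    memcpy(buf + 104, name, n);
    return 104 + n;
}
int main(void) {
    unsigned char img[256];
    size_t n = build_sample(img, sizeof img, "base.qcow2");
    printf("match=%d mismatch=%d\n", backing_matches(img, n, "base.qcow2"),
           backing_matches(img, n, "other.img"));
    return 0;
}
```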